E-mail is an efficient form of communication that has become widely adopted by both individuals and organizations. Today, more and more people rely on e-mail to connect them with their friends, family, colleagues, customers and business partners. Unfortunately, as e-mail usage has evolved, so too have the threats against it. In particular, spam, also known as unsolicited bulk e-mail, has become an increasingly difficult threat to detect and continues to worsen.
One reason behind this increase in spam is the growing use of spam zombies to deliver it. Specifically, according to industry metrics, approximately 90% of all spam comes from spam zombies. A spam zombie is an end-user system that has been compromised by malware, where malware is defined as any software program developed for the purpose of causing harm to a computer system, such as a virus or trojan horse. Once malware is installed on the system, an attacker such as a spammer is able to use the compromised system as a spam distribution channel without the knowledge of the system owner.
Spam zombies have become a preferred means of sending spam because they allow spammers to use other people's resources to send spam, they protect the spammer's identity, and they can overcome existing anti-spam filtering techniques. For example, a fresh supply of spam zombies can overcome spam-zombie-specific filtering techniques such as the Spamhaus eXploits Block List (XBL). Since a newly created spam zombie is known to generate a large amount of spam before it appears on such a list, a large volume of spam can get through a filter that relies on blacklists.
As such, there is a need to improve existing mechanisms for detecting spam sent by spam zombies and, more particularly, to implement a technique for list generalization.